I've been using PFSense on a surplus dual-core PC I bought for $10 coupled with an Apple Time Capsule in AP mode and a cable modem since 2015, and have never looked back. So far this combo seems more bullet proof than most consumer routers for a fraction of the cost and headache :) - Thank you for this wonderful video tutorial :)
I've been using pfSense for years. It's great stuff. It can handle everything from simple home use, to advanced features like VPNs, VLANs, failover (high availability), multiple WANs, Let's Encrypt certificate updating, reverse proxy, ad blocking, and more. And in spite of what the guy said, the latest pfSense can be very resilient to being unplugged without shutting down because the latest version can use the ZFS filesystem which is awesome. Although I still don't recommend doing it 🙂
Instead of explaining to folks what I’ve been learning as I train as a CCNA, I’ll just point them to this video. Very informative and condensed. Love it
@@deang5622 no way to get that kind of learning boiled down to a 20 minute video, but this one will give just a taste of the basics and paint a picture of the scope of CCNA without much of the details. forest vs trees, this vid is forest
I consider myself very techie and have built all my systems from the ground up. However, I have never met anyone as thorough and as easy to follow as you, Naomi. You are an awesome asset to all of us who may or may not know much about what goes "behind the curtains." Thank you so much!
Made the jump on pfSense years ago and throw away my asus router. The best move I ever made. Btw, I wrote the first sentence before I even knew this video was about to introduce it :). This video is the best introduction to the topic and transition to pfSense I have seen. Will share it with all my friends! Thanks
100% agree - this is awesome content to get folks educated about home network protection. Also, make sure to research the manufacture, many devices (especially the cheaper ones) are made in china. When you buy a firewall try not to get one flashed in china, but look at hardware that has coreboot on it and toss on ipfire (easy) or pfsense (more complicated).
Literally everything you described this video I've been doing for like 6yrs now. Recently I did upgraded to a dedicated AP instead of using my old router.
Goodness I just love it when y'all creators make your own skits and don't shove stock footage at us, plus you even included a full tutorial in this video x.x Amazing.
@@martyn6792 its a chinese product, youre better off getting a prebuilt router from teklager (sweden) or parts (taiwan) from pc engines (usa/switzlerland) to build a router yourself. another option is to buy from netgate (official products from pfsense) if ur using pfsense instead of opnsense
@@cont8155 that's ridiculous and unfounded. It's like suggesting a raspberry pi has a chinese backdoor. When in reality almost all electornics are now made in China. All they provide is hardware, YOU put the your own firmware and OS on it. Any back door is going to be in the firmware you install.
I was just about to put the same comment. Did networking support for Big Corp for over a decade. I didn’t see a single misstep. The added bit about Apple’s self assigned IP demonstrates that the video was well thought out. She probably actually saw that happened and either understood why or found out why. Good job!
I am a new subscriber to your channel, Naomi. Please, do know that your work here is a very noble one. Don't ever stop making your content, please. You explain what big companies don't want us to know. Regards from Honduras ❤
Pretty damn complicated. Clear as mud. I wonder what percent of viewers are courageous enough to implement the steps recommended in this video. Hmmm. . . .
This is the kind of video I used watch then try to do it myself resulting in an absolute nightmare .. I finally learned the lesson after my last Windows re-install of shame to accept my limitations ☹️
Fantastic video Naomi and very well and professionally presented material. I love how quick and detailed your coverage of pfsense. Including the pro tips like literally unplugging and replugging the ethernet cable to get a new ip address. I am embarrassed that I never thought of just unplugging and replugging the cable lol. I would literally go into the command line or network settings to get a new ip, essentially the longer (dummy) method when I could have just did the trick you did. Can't wait for your upcoming videos on network segmentation.
I have Google mesh router with 3 AP's . The main Google Ap cannot be changed using conventional methods so I was wondering if there is a method to use pfSense and not current Google with the. I can configure the Google mesh router with a guest mode, that model well-made you have multiple guests for each peripheral I want to connect to the system I'm just fishing for some answers if you can help.
You're the best !!! I have been looking for this exact information to protect and isolate my information and devices. I'm looking forward to the other videos to isolate my home theater, so they function without collecting my data. I hope this all works out but I'm very concerned that if it doesn't, I won't be able to go online for assistance anymore. The last portion of this video seemed rushed and I hope I can download it for future reference if my system fails. If any one of these components stops working, I will be lost, lol. Thank you for everything you do to help make the world a safer place.
I am a former internet tech for a major isp. She's using the wrong terminology throughout this video. The item is actually a Gateway not a router. A Gateway combines a modem , and router into one unit. Please dont call your isp and say you have a router issue as I would be troubleshooting the wrong concern. I might send you a replacement gateway to fix the router when actually it might be just having you do a reset or getting a new iPhone address etc. To recap a gateway is what you want to talk to tech support about not a router
This is *great* content. I understand already all of it, but was still a compelling watch. One recommendation (YMMV): Use TWO routers of different makes in sequence. Yes some things have issues with double NATing but the average user (that's you if you don't know what NATing is) won't notice , and the non-average user can figure it out. Internet -> Router 1 -> Router 2 -> your devices Yes double NATing will break UPnP but...uh...good. I used this setup for decades with no issues gaming, using VPNs, etc.
My provider offered a Fritzbox for additional 4€ per month... well worth it! FritzBoxen are waaaaaay better than the usual D-Link or Netgear garbage. Updates for years and easy GUI. Today i configured DNS over TLS... just for fun and it was a breeze!
Kudos for using a Netgear router as the example - they've been atrocious for face-palmingly dumb WAN-side auth attacks; not all of which they fix on older models. Although brickbats (just little ones) for running a Netgear Nighthawk of some kind (a r7xxx series?) that's quite possibly capable of being flashed to one of the flavours of open source firmwares (DD-WRT, Open-WRT, Tomato) that means you get all the function of pfSense PLUS working WiFi AND more frequent updates without needing another hardware device to purchase and power. There's precious little difference between learning pfSense and learning *WRT. Although there is a very slim but not-entirely-zero chance you brick the router flashing it.
@@LilRedDog fair enough. I run one and it's bigger 8000 & 9000 brothers on DD-WRT where 5ghz works great. I've only used Open-WRT on Ubiquity gear to unlock radio restrictions. Open source firmware is still a great way of re-purposing an older router where the original manufacturer has officially or effectively abandoned it ... or simply crippled it with a rubbish firmware in the first place 🙄
Thanks, I've had to watch this episode twice to fully understand all the steps, I think I'm up for the challenge. I only wish I hadn't set a lot of my devices to a dedicated IP address, but I'm slowly changing them all to obtain there IP address automatically. Thanks for the great episode, looking forward to part two. Cheers from Australia 🇦🇺
All IP addresses on your internal network are dedicated. Once it has been assigned it can't be used by any other device in your network. You're getting mixed up, I suspect, on the difference between dynamically assigned and statically assigned IP addresses. Dynamically assigned is most often done by the DHCP protocol where your router acts as a DHCP server and issues IP addresses to the devices on the network. It's not true to suggest that DHCP dynamically assigned addressing is better than statically assigned addresses. Most companies use statically assigned addresses and there is a good reason for it. It begs the question, how did you end up with statically assigned addresses on your network if you don't know much about the subject?
@@deang5622 that's correct, from a security point of view the way the IPs are assigned for the LAN devices doesn't make much of a difference...maybe MAC filtering would make a difference (so that only MACs from a list can communicate w/ the router)?... imo these are just unnecessary complications for the home user (i'm not saying education is a waste of time). changing ('hiding') the router's LAN IP for example for security reasons takes more time to set up than for an attacker that's already connected to the LAN to detect. ppl need to realize that traffic outside their modems is monitored by the ISP for various reasons, traffic management being one since bandwidth is their greatest investment and they have no interest in sharing it for free, so it's not like the wild wild west outside the modems... and to prove my point, the vast majority of malware infections occur thru attachments (and links) followed by P2P shared material, both requiring the end user to click on a trap.. i use a dedicated firewall device and i'm yet to see sustained attempts of attacks or port probing in the logs going back decades...
Thank you for the video. There is allot of generalization in it. First: for firmware update reasons I suggest to use mikrotik devices you can manually update them as long as your willing to do it. And they are allot more cheaper. In fact this applies for pfSence as well. Second: If someone makes in your setup WiFi attack than your expensive setup falls apart. Third: these rules at the beginning in video apply on any device with old firmware in LAN. For example cameras smart devices, basically any device witch holds some sort of firmware. Forth: you don’t need expensive device for pfSence. In fact any old PC within reason will be more than capable running pfSence with LAN expansion card. For the last there is nothing 100% secure all the prevention makes your setup less prone to be attacked. I see the big work you put in to it. Keep up with a good work.
My biggest issue with ISPs these days is how they are forcing everyone onto using their all in one modem+router combo. The first issue I have with that is I want to choose my own premium router that suits my needs, with a gaming router with 4k support and dedicated 4k optimized networks, and having 8 ethernet ports (wired connections are faster, especially when living in a condo or apartment where you are drowning in other peoples wireless signals). I've been reading about how to use Bridge mode but according to some forums online, the ISPs don't want you doing this and its either not supported in their routers or your system doesn't work properly. I hope this isn't accurate but it had prevented me from migrating to these providers in general.
@@cyberwasp461more ports won't help when the router's internal hardware itself is crap. It's good to have more ports and hardwire everything, but the router hardware itself being good is essential.
Yes, all-in-ones from the ISP are completely garbage. I went from 25-50Mbps using the all-in-one to anywhere between 150-200Mbps using my Asus router. Like you, I couldn't find a "bridge mode" in my modem settings, but I did find "IP Passthrough" which is kind of the same thing. They do work differently and affect connection speed, but the end result is still basically the same and I doubt you would end up noticing a difference.
*Princess Naomi* : The RobinHood of Digital World. Much love and respect.. Thanks a bunch for educating us. Edit : 20mins worthy for being digitally secured.
This is almost exactly my setup. I too use a Protectli and I love it. I upped my router game to a mesh router, but it too is in AP mode. And yes, I have a managed switch between the Protectli and the router, plus another at a mesh satellite because I need wired connections there. Based on the comments I have seen here, I hope you address Pi-Hole versus pfBlockerNG in your next video.
I'll address it so she need not: Pi-hole with the Brave browser lets nothing through. I did add a custom list and block ~312,000 sites but even TH-cam loses with that combination.
@@LilRedDog have you tried pfBlockerNG? This does the same thing without needing an additional device. I have tried both and I am letting pfSense do the job. My Pi-hole was a fun project, but it is unnecessary if you already have a pfSense firewall.
@@DavidHathaway No I have not. Technically I have one device and a Browser. But I could VM Pi-hole on something but I love my Pi zero2 too much. It is so cute taped to the router and using WiFi to talk to the network. Can it recursive DNS? I'm sure you can: asking for a friend.😆
@@LilRedDog I used my Pi zero (OG version) for Pi-Hole and loved the cute bugger. Worked well for sure. And cheap! But I just don't need it since getting the Protectli and using pfSense with the pfBlockerNG package. I also use the Snort package to detect weird network traffic. I'd like to put my IoT devices on a different VLAN but I haven't figured that out quite yet; the fault is mine not pfSense. Anyways.... I do need to figure out what to do with my Pi now.
@@DavidHathaway Sell it on eBay for 3-10x what you paid for it, while you can!!!! I use my old one with a travel router; it is a hassle because it has no RTC and I have to set the date and time after 3 days of sitting. But I'm addicted.
Great video! I started on pfSense about seven or eight years ago and loaded it on a dual PIII server that I had added two dual gigabit NICs (64-bit PCI) - years later, I ported that configuration to a four-port Protectli mini-PC as shown. But that unit is now at my mom's house, as I have upgraded to a six-port Protectli at home. What amazes me is that I planned my network configuration so well that I haven't changed it much over the years. I look forward to more follow-up videos - I split the remaining interfaces other than the LAN and WAN to be my DMZ network and an "ADMIN" network. The LAN and ADMIN VLANs are trunked from my main managed switch to peripheral switches that can only be managed through the ADMIN network (only on a few systems I run). Of course, the ADMIN network has no wireless access points and is locked down in DHCP assignment. IoT and "guest" wireless are on the DMZ network. I like pfSense for being easy to move between devices too as upgrades are made...
Wouldn't it make more sense for the IoT stuff to be put on a different VLAN but not on the DMZ? Considering the security in IoT devices, it doesn't make sense to me to open them up to public like that.
@@diddy_dante: My IoT devices are actually locked down to where they only need to contact - I used Wireshark to figure out the minimum needed (i.e. Honeywell thermostat only allowed to communicate with Honeywell servers. The security camera DVR is also locked down to not give any traffic to the outside world.
Ubiquiti has been a very good product for us. A good way to classify it would be Cisco-like performance for a lot less money. No subscription costs. I see it being used in a lot of commercial settings these days and use it for my home and business. Easily configurable and expandable managed system with excellent firewall capabilities. Nothing is absolute out there, but Ubiquiti offers an enterprise system at a very competitive price point that works out of the box.
That’s why i love Merlin Firmware for ASUS routers. You can run Skynet additional firewall, Diversion. AI Protection from Trend Micro etc and it now has Wireguard server protocol available now.
This is a very, very good tutorial. 👏You broken it down pieces by pieces to make it easy to understand the task of each apparratus and the software side of it. I'm even happier to learn that Protectli and is an american base compagnie. And Brent Cowing seams a common sens person, so is probably the best person to represent Protectli. I'm going to by myself a Protectli apparatus. 😃// C'est un très, très bon tutoriel. 👏Vous l'avez décomposé pièce par pièce pour faciliter la compréhension de la tâche de chaque appareil et du côté logiciel. Je suis encore plus heureux d'apprendre que Protectli est une compagnie basée aux États-Unis. Et Brent Cowing semble être une personne sensée, donc c'est probablement la personne la mieux placée pour représenter Protectli. Je vais m'acheter un appareil Protectli. 😃
I wasJUST watching your video on VoIP and was wondering about making home internet connection secured. Taking notes and waiting for the next video about segmenting network :D
This is way too hard even for people who are interested in privacy like me. I just don't have the bandwidth to take on a project like this. You're not gonna catch most people, but it doesn't mean this education isn't worth doing.
It is not bandwidth you don't have, it's the technical knowledge and ability. And 98% of the public do not. So the idea this is pitched at any random Joe is farcical and that Joe can learn this stuff is nonsense.
Cyber security is all about levels of risk and protection. If you are not interested is higher levels of protection, then you are right this video doesn't apply. If you care more about security and privacy, then you'll take the time to learn this.
I love your videos and often find myself going down the TH-cam rabbit hole watching them. I am always delighted when you recommend something that I am already using. However, I have two questions. First, who do I turn to when something doesn't work as expected? Before I retired, I could go to the IT person at work and ask questions. They wouldn't always have the answers, but sometimes they would. Now, I am at a loss as to whom to ask. Second, I currently have one of those 5-in-1 routers from my ISP provider. I will probably have to buy my own router, as I did years ago. I've been breaking and fixing my computers since 2001, following videos and blogs. I once created a brick router and had to reinstall Windows when I attempted to follow directions for changing the registry. Learning processes are filled with mistakes, and I've gained a lot by researching my snafus. Sometimes, though, I've had to give up when I couldn't find the information I needed. Having an easy-to-access place where I can ask questions would be awesome. Thank you so much for providing these videos.
Broadband suppliers in the US can require modemrouters (integral) that are custom made for/by them. That usually means the actual customer is locked out of the update process and only the broadband supply can start updates. Which they have no interest in doing.
I would believe it. Listening to security now and hearing the stories of microtik, Asus, D-Link, Netgear, Belkin, Cisco, and Linksys problems... Well.... Up until recently, the routers required manual firmware updates. Thankfully now, many of them self update.
@@ltsiver any network hardware manufacturer is going to be affected by vulnerabilities. Of the ones you listed, Cisco and Mikrotik are the ones I'd trust to actually release updates as they aren't targeting the residential market exclusively.
Untangle, owned by Arista, does the same except it has a lot of extra features giving you a full dashboard and a whole host of network software such as Web Filtering, Virus Blockers, Threat Prevention, Firewall, Bandwidth Control, etc.... and even has load balancing for two WAN's if you want (so that if one of your ISP's goes down, you have a backup). Good topic. I went through the network redesign a couple years ago. Thanks!
@@cpufrost - For most people, correct. There is a free level. But, to get higher levels of protection like BitDefender, there is a cost. Licensing for virus protection, web filtering, etc... isn't free. Updates occur at least twice daily. For this high level of protection, it requires resources that aren't working for free. Zero Day attach protection requires frequent updates. Blocking these threats at the firewall protects your IOT devices that aren't well protected.
Yes, I do believe it. ISPs give old and low-end hardware which I should be grateful it even comes with firmware in English. Security might as well be their last concern.
13:46 power tip: plug the vault into a UPS then, I see they have a UPS addon, but it wont send a shutdown signal for prolonged power cuts, the one with usb ports paired with a normal one might do it
If I got one of those things I would not know how to set it up even after watching the video... also I know Tom Baker the 4th Doctor, and when I called him on the phone he answered, I think he still lives in the same house he was living in back in the 20th century.
I moved from a pfsense setup to a Microtik router/switch. The price was competitive and their RouterOS is enterprise level software. Plus the mikrotik throughput was much higher than what the pfsense box could handle.
CONCERN: @13:30, Protectli OS CORRUPTION. In areas with frequent power outages, it's not always possible to properly shut down devices. My current modem, router & switch start up OK when power is restored, whether I'm home or not. So, looks like you need to ADD a UPS to this setup. QUESTION: @18:50 why a MANAGED switch? Why not a simple unmanaged switch?
this video was much more advance than i would have suspected. you mention stuff like pfsense, coreboot bios and other technical tips. only thing you missed was pfblocker but this is still pretty good for newbies that need to know the basics. can tell you put in the research and effort into this video. kudos :]
The 169.254.*.* IP range also applies in a Windows environment as well. I'd assume it happens in most OSs. The oldest version of Windows I remember seeing this with was Windows XP. The 169.254.*.* is also called an APIPA for Automatic Private IP Addressing. Another reason to use a separate device for the wireless you don't have to replace the router to gain access to newer wireless standards as you only have to replace the access point. Also, some routers don't have the convenient setting to switch it into access point mode. If the router you are putting in access point mode, the main thing you need to do is turn off the DHCP server & if it provides the option to point it to one of the ID addresses not handed out by DHCP.
My setup is a lot different. My phone hotspot is my internet source. I use a GL-iNet "mango" router in repeater mode to a switch via ethernet cable. My guests can use WiFi and my PC uses ethernet. This Video is good for those that use cable internet. I just don't use any cable company.
A firewall can also block outgoing traffic. This is good to keep children safe from unwanted websites (blacklisting) and blocking certain outgoing ports usually assigned to known malicious software, although clever hackers can modify their software to change the common port. A good example of a port to block in a security conscious company would be port 3389 used for remote access.
Lots of junk out there. Netgear make lots of good stuff, but the R7000 router had a DNS rebinding issue. Wat back when I used a 3 modem setup, I had to move the R7000 from the front unit to one of the two back units. I have been using pfSense for many years. First 4 years I used the Netgate SG-2440 and the unit still works as a secondary FW. For about 5 years now, I am using a 6 port Qotom brick PC and very happy with it. I have VLANS and a LAGG setup.
Oh, one thing I've always got in my Internet connection (router etc) is a UPS backup, a battery backed up power supply in the event of a power cut. Also have one for computer supply. Costs half the amount of a desktop but waaaay less than losing data.
Not sure I understand why you would need pfSense if you've already got the firewall features of your router enabled, and you've got a relatively new router (
Pfsense is the best firewall. Also can protect you from having the router ping the manufacturer with your data. Pfsense makes it easier to setup multiple networks to separate iot from your devices and guests. It blocks all incoming traffic unless requested by a device in the local network.
Got the Vilfo VPN router. They're roadmap shows a lot of transparency in my opinion. And it seems like they do update more regularly than any vendor I've seen. As far as security, I haven't gotten hit once since installation in November 2022 thanks to their software based built-in VPN server(separate from whomever your VPN provider is as it supports multiple providers). They do allow you to but do not recommend opening the remote WAN which was the case for my old ISP router that caused my Synology NAS to get hit with over 10,000 attempts via bots or hackers from 2014 to November 2022 which were recorded by its auto block feature.
Thanks very much Naomi, I'm not based in the US, so I take I can't really make use of the content of this video? But I'm going to read up on all the things mentioned. 👍🏼
PFSense here. Internal networks/servers/VM's on zero trust networking principles (including WLAN isolation). Zero trust: Block all traffic, specific services (ports) only as needed. GeoIP blocking, and other mitigations at the network layer. Separate vLAN's for storage, services/VM's, out of band management, and clients. I'd say my network is pretty hardened. 😅
I don't have any money to spend on an add-on box. How can we adjust our EXISTING routers to be as secure as possible? Also, in California, our power often shuts off with no warning, so we need robust boxes that will not become corrupted when power cycled. Thanks.
It would be great if device manufacturers or at least router manufacturers would just support OpenWRT or pfSense directly, and maybe just make a custom interface of one of those for their router. Speaking of, can you compare pfSense, OpenWRT, and DD-WRT? My usual setup involves making sure to use an OpenWRT supported router, and since I'm already familiar with IP CHAINS in Linux, it makes sense to me (with that said, OpenWRT and DD-WRT do have pretty decent UIs that make it easy to do typical firewall changes without having to get into the weeds with IP CHAINS). I like being able to just install an updated and more powerful firmware directly on the router that's connected directly to the wider Internet, and I get wanting to be able to just unplug just the Wifi (which, to be clear, could still be done with OpenWRT and a wholly separate device dedicated to that purpose, of course), but maybe I'm missing something with just using OpenWRT instead of pfSense?
Excellent comment. DD-WRT and OpenWRT are excellent, and are definitely worth investigating. They work with many models of wireless routers, and are a great way to rejuvenate and repurpose old equipment that might otherwise be discarded.
After $2/300 for a nice Moden Router, It's hard for the average household to jusstify another $300 for Protectli Vault to keep our network safe. What are ISPs doing extra for our safety? They're raking in all the $$. Thanks again
I've been using PFSense on a surplus dual-core PC I bought for $10 coupled with an Apple Time Capsule in AP mode and a cable modem since 2015, and have never looked back. So far this combo seems more bullet proof than most consumer routers for a fraction of the cost and headache :) - Thank you for this wonderful video tutorial :)
I've been using pfSense for years. It's great stuff. It can handle everything from simple home use, to advanced features like VPNs, VLANs, failover (high availability), multiple WANs, Let's Encrypt certificate updating, reverse proxy, ad blocking, and more. And in spite of what the guy said, the latest pfSense can be very resilient to being unplugged without shutting down because the latest version can use the ZFS filesystem which is awesome. Although I still don't recommend doing it 🙂
Instead of explaining to folks what I’ve been learning as I train as a CCNA, I’ll just point them to this video. Very informative and condensed. Love it
So you think Joe Public is going to learn CCNA?
Yeah, good luck with that mate.
@@deang5622 no way to get that kind of learning boiled down to a 20 minute video, but this one will give just a taste of the basics and paint a picture of the scope of CCNA without much of the details. forest vs trees, this vid is forest
@@deang5622 way to be a negative nancy :p
I consider myself very techie and have built all my systems from the ground up. However, I have never met anyone as thorough and as easy to follow as you, Naomi. You are an awesome asset to all of us who may or may not know much about what goes "behind the curtains."
Thank you so much!
Made the jump on pfSense years ago and throw away my asus router. The best move I ever made. Btw, I wrote the first sentence before I even knew this video was about to introduce it :). This video is the best introduction to the topic and transition to pfSense I have seen. Will share it with all my friends! Thanks
Naomi, this channel is impeccable. The fact that you have anything less than a kajillion subscribers perplexes me beyond verbal expression 🤷♂️
Shuuushhh she is ours.Lose lips sink ships.
@@garymichael8591 💯
@@garymichael8591 don’t’lose’ your lips!
You and NetworkChuck are excellent at this! You both cover SO MANY GREAT topics here. Looking forward to the continuation of this topic!
I can't stand watching NetworkChuck. He's way too annoying.
@@fourtwanky Cant understand? LOL. go back to school then. The topics he cover as much more diverse and accurate compared to this privacy freak.
@@marco31 Get over yourself
@@fourtwanky I would have said that in ALL CAPS but you beat me to it. Put the campy humour back in the closet Chuck.
100% agree - this is awesome content to get folks educated about home network protection. Also, make sure to research the manufacture, many devices (especially the cheaper ones) are made in china. When you buy a firewall try not to get one flashed in china, but look at hardware that has coreboot on it and toss on ipfire (easy) or pfsense (more complicated).
Literally everything you described this video I've been doing for like 6yrs now.
Recently I did upgraded to a dedicated AP instead of using my old router.
Literally!
Goodness I just love it when y'all creators make your own skits and don't shove stock footage at us, plus you even included a full tutorial in this video x.x Amazing.
My day job is IT and this is a superbly put together video with excellent explanations and walk throughs. Protectli looks an interesting product
Thanks for watching!
APU2 is better Protectli most likely has a chinese backdoor
@@cont8155 Interesting thought, where is protectli made ?
@@martyn6792 its a chinese product, youre better off getting a prebuilt router from teklager (sweden) or parts (taiwan) from pc engines (usa/switzlerland) to build a router yourself. another option is to buy from netgate (official products from pfsense) if ur using pfsense instead of opnsense
@@cont8155 that's ridiculous and unfounded. It's like suggesting a raspberry pi has a chinese backdoor. When in reality almost all electornics are now made in China. All they provide is hardware, YOU put the your own firmware and OS on it. Any back door is going to be in the firmware you install.
I work as an IT consultant. This was a very good video. Accurate and clearly presented.
I really appreciate that!
Indeed. They're basically breaking down a standard business setup into something that individuals can implement at home.
I was just about to put the same comment. Did networking support for Big Corp for over a decade. I didn’t see a single misstep. The added bit about Apple’s self assigned IP demonstrates that the video was well thought out. She probably actually saw that happened and either understood why or found out why. Good job!
I switched to Opnsense on a tiny x86 PC with 4x2.5Gb ports and absolutely love it
Video feels like it's sponsored by Protectli, since it is the only product mentioned as a potential solution.
Some folks prefer OPNsense over PFsense.
Dang Naomi, you really did your research and applied it well on this video! I'm impressed and thank you! You just gained a follower.
I am a new subscriber to your channel, Naomi. Please, do know that your work here is a very noble one. Don't ever stop making your content, please. You explain what big companies don't want us to know.
Regards from Honduras ❤
Naomi is a modern day super hero.
lol pretty much. Need a wife like this. This woman is impressive.
I agree
Facts
Your specific details about setting up and the finer points on everything are what make your videos so great for newbies. Thank you!!
Pretty damn complicated. Clear as mud. I wonder what percent of viewers are courageous enough to implement the steps recommended in this video. Hmmm. . . .
This is the kind of video I used watch then try to do it myself resulting in an absolute nightmare .. I finally learned the lesson after my last Windows re-install of shame to accept my limitations ☹️
Fantastic video Naomi and very well and professionally presented material. I love how quick and detailed your coverage of pfsense. Including the pro tips like literally unplugging and replugging the ethernet cable to get a new ip address. I am embarrassed that I never thought of just unplugging and replugging the cable lol. I would literally go into the command line or network settings to get a new ip, essentially the longer (dummy) method when I could have just did the trick you did. Can't wait for your upcoming videos on network segmentation.
I have Google mesh router with 3 AP's . The main Google Ap cannot be changed using conventional methods so I was wondering if there is a method to use pfSense and not current Google with the. I can configure the Google mesh router with a guest mode, that model well-made you have multiple guests for each peripheral I want to connect to the system I'm just fishing for some answers if you can help.
You're the best !!! I have been looking for this exact information to protect and isolate my information and devices. I'm looking forward to the other videos to isolate my home theater, so they function without collecting my data. I hope this all works out but I'm very concerned that if it doesn't, I won't be able to go online for assistance anymore. The last portion of this video seemed rushed and I hope I can download it for future reference if my system fails. If any one of these components stops working, I will be lost, lol. Thank you for everything you do to help make the world a safer place.
what i like on pfsense is the migration from device to other device , you can back up near all the setting on it.
WOW!!, Beautiful inside and out!! for what its worth my family and friends appreciate what you do. THANK YOU!! GOD BLESS.
I am a former internet tech for a major isp. She's using the wrong terminology throughout this video. The item is actually a Gateway not a router. A Gateway combines a modem , and router into one unit. Please dont call your isp and say you have a router issue as I would be troubleshooting the wrong concern. I might send you a replacement gateway to fix the router when actually it might be just having you do a reset or getting a new iPhone address etc. To recap a gateway is what you want to talk to tech support about not a router
Naomi is super intelligent, her videos are always very well made and packed with very useful information....and she gorgeous on top of all that!
This is *great* content. I understand already all of it, but was still a compelling watch.
One recommendation (YMMV):
Use TWO routers of different makes in sequence. Yes some things have issues with double NATing but the average user (that's you if you don't know what NATing is) won't notice , and the non-average user can figure it out.
Internet -> Router 1 -> Router 2 -> your devices
Yes double NATing will break UPnP but...uh...good.
I used this setup for decades with no issues gaming, using VPNs, etc.
My provider offered a Fritzbox for additional 4€ per month... well worth it! FritzBoxen are waaaaaay better than the usual D-Link or Netgear garbage. Updates for years and easy GUI. Today i configured DNS over TLS... just for fun and it was a breeze!
Normal people are not going to be able to understand any of this unfortunately. Still all of this is a good idea.
first time i see your channel, i am a student in IT and found your video very educational and clear, keep up the good work
Kudos for using a Netgear router as the example - they've been atrocious for face-palmingly dumb WAN-side auth attacks; not all of which they fix on older models.
Although brickbats (just little ones) for running a Netgear Nighthawk of some kind (a r7xxx series?) that's quite possibly capable of being flashed to one of the flavours of open source firmwares (DD-WRT, Open-WRT, Tomato) that means you get all the function of pfSense PLUS working WiFi AND more frequent updates without needing another hardware device to purchase and power.
There's precious little difference between learning pfSense and learning *WRT. Although there is a very slim but not-entirely-zero chance you brick the router flashing it.
Actyally:
Open-WRT does not like the chipset in the R7000. So it is 2.4Ghz only with that firmware.
@@LilRedDog fair enough. I run one and it's bigger 8000 & 9000 brothers on DD-WRT where 5ghz works great. I've only used Open-WRT on Ubiquity gear to unlock radio restrictions.
Open source firmware is still a great way of re-purposing an older router where the original manufacturer has officially or effectively abandoned it ... or simply crippled it with a rubbish firmware in the first place 🙄
Thanks, I've had to watch this episode twice to fully understand all the steps, I think I'm up for the challenge. I only wish I hadn't set a lot of my devices to a dedicated IP address, but I'm slowly changing them all to obtain there IP address automatically. Thanks for the great episode, looking forward to part two. Cheers from Australia 🇦🇺
All IP addresses on your internal network are dedicated. Once it has been assigned it can't be used by any other device in your network.
You're getting mixed up, I suspect, on the difference between dynamically assigned and statically assigned IP addresses.
Dynamically assigned is most often done by the DHCP protocol where your router acts as a DHCP server and issues IP addresses to the devices on the network.
It's not true to suggest that DHCP dynamically assigned addressing is better than statically assigned addresses.
Most companies use statically assigned addresses and there is a good reason for it.
It begs the question, how did you end up with statically assigned addresses on your network if you don't know much about the subject?
@@deang5622 that's correct, from a security point of view the way the IPs are assigned for the LAN devices doesn't make much of a difference...maybe MAC filtering would make a difference (so that only MACs from a list can communicate w/ the router)?...
imo these are just unnecessary complications for the home user (i'm not saying education is a waste of time). changing ('hiding') the router's LAN IP for example for security reasons takes more time to set up than for an attacker that's already connected to the LAN to detect.
ppl need to realize that traffic outside their modems is monitored by the ISP for various reasons, traffic management being one since bandwidth is their greatest investment and they have no interest in sharing it for free, so it's not like the wild wild west outside the modems...
and to prove my point, the vast majority of malware infections occur thru attachments (and links) followed by P2P shared material, both requiring the end user to click on a trap..
i use a dedicated firewall device and i'm yet to see sustained attempts of attacks or port probing in the logs going back decades...
Thank you for the video. There is allot of generalization in it.
First: for firmware update reasons I suggest to use mikrotik devices you can manually update them as long as your willing to do it. And they are allot more cheaper. In fact this applies for pfSence as well.
Second: If someone makes in your setup WiFi attack than your expensive setup falls apart.
Third: these rules at the beginning in video apply on any device with old firmware in LAN. For example cameras smart devices, basically any device witch holds some sort of firmware.
Forth: you don’t need expensive device for pfSence. In fact any old PC within reason will be more than capable running pfSence with LAN expansion card.
For the last there is nothing 100% secure all the prevention makes your setup less prone to be attacked.
I see the big work you put in to it. Keep up with a good work.
Don't forget you now also need a UPS for your router... as they didn't really mention in the video.
My biggest issue with ISPs these days is how they are forcing everyone onto using their all in one modem+router combo. The first issue I have with that is I want to choose my own premium router that suits my needs, with a gaming router with 4k support and dedicated 4k optimized networks, and having 8 ethernet ports (wired connections are faster, especially when living in a condo or apartment where you are drowning in other peoples wireless signals). I've been reading about how to use Bridge mode but according to some forums online, the ISPs don't want you doing this and its either not supported in their routers or your system doesn't work properly. I hope this isn't accurate but it had prevented me from migrating to these providers in general.
if you need more ports just get a switch. Easy to setup and they have ones from 8 up to 32 ports or more. Everything I have is hardwired.
@@cyberwasp461more ports won't help when the router's internal hardware itself is crap. It's good to have more ports and hardwire everything, but the router hardware itself being good is essential.
Yes, all-in-ones from the ISP are completely garbage. I went from 25-50Mbps using the all-in-one to anywhere between 150-200Mbps using my Asus router. Like you, I couldn't find a "bridge mode" in my modem settings, but I did find "IP Passthrough" which is kind of the same thing. They do work differently and affect connection speed, but the end result is still basically the same and I doubt you would end up noticing a difference.
I'm spankin New to Cybersecurity,.... this is Beyond HELPFULLLLLLLLLLLLLL!!!
*Princess Naomi* :
The RobinHood of Digital World.
Much love and respect.. Thanks a bunch for educating us.
Edit : 20mins worthy for being digitally secured.
This is almost exactly my setup. I too use a Protectli and I love it. I upped my router game to a mesh router, but it too is in AP mode. And yes, I have a managed switch between the Protectli and the router, plus another at a mesh satellite because I need wired connections there.
Based on the comments I have seen here, I hope you address Pi-Hole versus pfBlockerNG in your next video.
I'll address it so she need not:
Pi-hole with the Brave browser lets nothing through.
I did add a custom list and block ~312,000 sites but even TH-cam loses with that combination.
@@LilRedDog have you tried pfBlockerNG? This does the same thing without needing an additional device. I have tried both and I am letting pfSense do the job. My Pi-hole was a fun project, but it is unnecessary if you already have a pfSense firewall.
@@DavidHathaway No I have not.
Technically I have one device and a Browser.
But I could VM Pi-hole on something but I love my Pi zero2 too much.
It is so cute taped to the router and using WiFi to talk to the network.
Can it recursive DNS?
I'm sure you can: asking for a friend.😆
@@LilRedDog I used my Pi zero (OG version) for Pi-Hole and loved the cute bugger. Worked well for sure. And cheap!
But I just don't need it since getting the Protectli and using pfSense with the pfBlockerNG package. I also use the Snort package to detect weird network traffic. I'd like to put my IoT devices on a different VLAN but I haven't figured that out quite yet; the fault is mine not pfSense. Anyways....
I do need to figure out what to do with my Pi now.
@@DavidHathaway Sell it on eBay for 3-10x what you paid for it, while you can!!!!
I use my old one with a travel router; it is a hassle because it has no RTC and I have to set the date and time after 3 days of sitting.
But I'm addicted.
Excellent guide Naomi, that's exactly what I have done, except I used an old PC with 2 network cards for installing pfSense.
And what does that cost in electricity a year?
@@LilRedDog I am not sure, I should actually find out! I think it has an 80 watt power supply.
Great video! I started on pfSense about seven or eight years ago and loaded it on a dual PIII server that I had added two dual gigabit NICs (64-bit PCI) - years later, I ported that configuration to a four-port Protectli mini-PC as shown. But that unit is now at my mom's house, as I have upgraded to a six-port Protectli at home. What amazes me is that I planned my network configuration so well that I haven't changed it much over the years.
I look forward to more follow-up videos - I split the remaining interfaces other than the LAN and WAN to be my DMZ network and an "ADMIN" network. The LAN and ADMIN VLANs are trunked from my main managed switch to peripheral switches that can only be managed through the ADMIN network (only on a few systems I run). Of course, the ADMIN network has no wireless access points and is locked down in DHCP assignment. IoT and "guest" wireless are on the DMZ network.
I like pfSense for being easy to move between devices too as upgrades are made...
Wouldn't it make more sense for the IoT stuff to be put on a different VLAN but not on the DMZ? Considering the security in IoT devices, it doesn't make sense to me to open them up to public like that.
@@diddy_dante: My IoT devices are actually locked down to where they only need to contact - I used Wireshark to figure out the minimum needed (i.e. Honeywell thermostat only allowed to communicate with Honeywell servers. The security camera DVR is also locked down to not give any traffic to the outside world.
@@IBM_Museum ah ok that seems good then
Ubiquiti has been a very good product for us. A good way to classify it would be Cisco-like performance for a lot less money. No subscription costs. I see it being used in a lot of commercial settings these days and use it for my home and business. Easily configurable and expandable managed system with excellent firewall capabilities.
Nothing is absolute out there, but Ubiquiti offers an enterprise system at a very competitive price point that works out of the box.
Naomi...I love your channel.
Very very informative in a way that I can understand.
Thank you so much👍
This video is great, Naomi. What a wonderful explanation and tutorial on Protectli and internet security.
How come I haven't seen you until now.....such a pretty unsung hero ❤️
The router, like hellblazer, is gateway between earth and hell. Great video, the Naomi twins have done it again.
That’s why i love Merlin Firmware for ASUS routers. You can run Skynet additional firewall, Diversion. AI Protection from Trend Micro etc and it now has Wireguard server protocol available now.
This is a very, very good tutorial. 👏You broken it down pieces by pieces to make it easy to understand the task of each apparratus and the software side of it. I'm even happier to learn that Protectli and is an american base compagnie. And Brent Cowing seams a common sens person, so is probably the best person to represent Protectli. I'm going to by myself a Protectli apparatus. 😃// C'est un très, très bon tutoriel. 👏Vous l'avez décomposé pièce par pièce pour faciliter la compréhension de la tâche de chaque appareil et du côté logiciel. Je suis encore plus heureux d'apprendre que Protectli est une compagnie basée aux États-Unis. Et Brent Cowing semble être une personne sensée, donc c'est probablement la personne la mieux placée pour représenter Protectli. Je vais m'acheter un appareil Protectli. 😃
I am glad I subscribed to your channel. The subjects and the production of this channel are fantastic.
Thank you very much!
@@NaomiBrockwellTV No, thank you ❤❤❤
I wasJUST watching your video on VoIP and was wondering about making home internet connection secured. Taking notes and waiting for the next video about segmenting network :D
This is way too hard even for people who are interested in privacy like me. I just don't have the bandwidth to take on a project like this.
You're not gonna catch most people, but it doesn't mean this education isn't worth doing.
"I just don't have the bandwidth to take on a project like this"
I see what you did there...😇
It is not bandwidth you don't have, it's the technical knowledge and ability.
And 98% of the public do not.
So the idea this is pitched at any random Joe is farcical and that Joe can learn this stuff is nonsense.
@@deang5622 I thought you were being -intentionally- punny; my bad.
Cyber security is all about levels of risk and protection. If you are not interested is higher levels of protection, then you are right this video doesn't apply. If you care more about security and privacy, then you'll take the time to learn this.
@@wannabedal-adx458 Agreed. We all do what we feel we are able to do, what's worth it for us.
Hi Naomi, great series. Just invested in a Protectli/Pfsense project. Looking forward to putting it all in place.
Thank you!😊
A great video. I loved the first part explaining in lay person terms on how everything is glued together to make a home network work!😅
This is GREAT Info. Seems too complicated for a non techy like me
I love your videos and often find myself going down the TH-cam rabbit hole watching them. I am always delighted when you recommend something that I am already using. However, I have two questions. First, who do I turn to when something doesn't work as expected? Before I retired, I could go to the IT person at work and ask questions. They wouldn't always have the answers, but sometimes they would. Now, I am at a loss as to whom to ask. Second, I currently have one of those 5-in-1 routers from my ISP provider. I will probably have to buy my own router, as I did years ago.
I've been breaking and fixing my computers since 2001, following videos and blogs. I once created a brick router and had to reinstall Windows when I attempted to follow directions for changing the registry. Learning processes are filled with mistakes, and I've gained a lot by researching my snafus. Sometimes, though, I've had to give up when I couldn't find the information I needed. Having an easy-to-access place where I can ask questions would be awesome.
Thank you so much for providing these videos.
Broadband suppliers in the US can require modemrouters (integral) that are custom made for/by them. That usually means the actual customer is locked out of the update process and only the broadband supply can start updates. Which they have no interest in doing.
I appreciate that she pronounces it router instead of rooter. LOL. Love Naomi's videos and she is a hot nerd... even better! LOL! ❤
I would believe it. Listening to security now and hearing the stories of microtik, Asus, D-Link, Netgear, Belkin, Cisco, and Linksys problems... Well....
Up until recently, the routers required manual firmware updates. Thankfully now, many of them self update.
What do you have against Mikrotik or Cisco?
Both are perfectly fine solutions, but are not really for beginners or novices.
@@shaunclarke94 I don't have anything against them. I was referring to their security flaws.
@@ltsiver any network hardware manufacturer is going to be affected by vulnerabilities.
Of the ones you listed, Cisco and Mikrotik are the ones I'd trust to actually release updates as they aren't targeting the residential market exclusively.
Awesome information. This is something I’ve been looking to do for my home network. Thank you.
Thanks for putting thought and action resulting in the common good.
All of your videos are so thorough. Keep it up!
Untangle, owned by Arista, does the same except it has a lot of extra features giving you a full dashboard and a whole host of network software such as Web Filtering, Virus Blockers, Threat Prevention, Firewall, Bandwidth Control, etc.... and even has load balancing for two WAN's if you want (so that if one of your ISP's goes down, you have a backup). Good topic. I went through the network redesign a couple years ago. Thanks!
Untangle is subscription based, however.
@@cpufrost - For most people, correct. There is a free level. But, to get higher levels of protection like BitDefender, there is a cost. Licensing for virus protection, web filtering, etc... isn't free. Updates occur at least twice daily. For this high level of protection, it requires resources that aren't working for free. Zero Day attach protection requires frequent updates. Blocking these threats at the firewall protects your IOT devices that aren't well protected.
Does it support split tunneling for VPNs and support for multiple VPNs?
Thank you @Naomi, I just set my system to your advice here and I'm up and running!
Nice! Let me know how you like it!
Yes, I do believe it. ISPs give old and low-end hardware which I should be grateful it even comes with firmware in English. Security might as well be their last concern.
13:46 power tip: plug the vault into a UPS then,
I see they have a UPS addon, but it wont send a shutdown signal for prolonged power cuts, the one with usb ports paired with a normal one might do it
Naomi, you’re making me want to get a Protectli now 👏
If I got one of those things I would not know how to set it up even after watching the video... also I know Tom Baker the 4th Doctor, and when I called him on the phone he answered, I think he still lives in the same house he was living in back in the 20th century.
omg... I have similar device! Another great straithforward video... thumb up!
Happy to see you again and thanks 🥰
You guys make learning easy and fun. Please make more.
Thank you so much!
I moved from a pfsense setup to a Microtik router/switch. The price was competitive and their RouterOS is enterprise level software. Plus the mikrotik throughput was much higher than what the pfsense box could handle.
What model?
CONCERN: @13:30, Protectli OS CORRUPTION. In areas with frequent power outages, it's not always possible to properly shut down devices. My current modem, router & switch start up OK when power is restored, whether I'm home or not. So, looks like you need to ADD a UPS to this setup. QUESTION: @18:50 why a MANAGED switch? Why not a simple unmanaged switch?
this video was much more advance than i would have suspected. you mention stuff like pfsense, coreboot bios and other technical tips. only thing you missed was pfblocker but this is still pretty good for newbies that need to know the basics.
can tell you put in the research and effort into this video. kudos :]
pf blocker is the 3rd video in this series, hasn't been release yet :)
love your videos, they make me wanna return to learn cybersecurity
Thank you for making this. Looking forward to watching the next episode.
Thank you for packing so much information at a fantastically easy to understand video
Great to make the digital genpop more security/privacy aware using products like pfSense.
(Not the most turnkey solution there is out there is though)
When installing pfsense I had to hit space bar to select the protectli drive. You didn't mention this in your tutorial so posting for awareness.
Great video! Question: Is there a reason why you went for pfsense instead of opnsense seeing that it has a friendly gui and more plugins?
It's what was recommended by Michael Bazzel so I defaulted to his setup
@@NaomiBrockwellTV on the upside as OPNsense is a fork of pfSense the learning curve to switch between them is pretty darn slim.
The 169.254.*.* IP range also applies in a Windows environment as well. I'd assume it happens in most OSs. The oldest version of Windows I remember seeing this with was Windows XP. The 169.254.*.* is also called an APIPA for Automatic Private IP Addressing. Another reason to use a separate device for the wireless you don't have to replace the router to gain access to newer wireless standards as you only have to replace the access point.
Also, some routers don't have the convenient setting to switch it into access point mode. If the router you are putting in access point mode, the main thing you need to do is turn off the DHCP server & if it provides the option to point it to one of the ID addresses not handed out by DHCP.
I remember seeing it with Windows 9x back when I had to fiddle with a late 90s/early 2000s "your first 10BaseT home network" kit I'd bought.
My setup is a lot different. My phone hotspot is my internet source. I use a GL-iNet "mango" router in repeater mode to a switch via ethernet cable. My guests can use WiFi and my PC uses ethernet. This Video is good for those that use cable internet. I just don't use any cable company.
A firewall can also block outgoing traffic. This is good to keep children safe from unwanted websites (blacklisting) and blocking certain outgoing ports usually assigned to known malicious software, although clever hackers can modify their software to change the common port. A good example of a port to block in a security conscious company would be port 3389 used for remote access.
Lots of junk out there. Netgear make lots of good stuff, but the R7000 router had a DNS rebinding issue. Wat back when I used a 3 modem setup, I had to move the R7000 from the front unit to one of the two back units. I have been using pfSense for many years. First 4 years I used the Netgate SG-2440 and the unit still works as a secondary FW. For about 5 years now, I am using a 6 port Qotom brick PC and very happy with it. I have VLANS and a LAGG setup.
Oh, one thing I've always got in my Internet connection (router etc) is a UPS backup, a battery backed up power supply in the event of a power cut. Also have one for computer supply. Costs half the amount of a desktop but waaaay less than losing data.
Not sure I understand why you would need pfSense if you've already got the firewall features of your router enabled, and you've got a relatively new router (
You're right. These types of videos are clickbait. It's mostly FUD imho!
Pfsense is the best firewall. Also can protect you from having the router ping the manufacturer with your data. Pfsense makes it easier to setup multiple networks to separate iot from your devices and guests. It blocks all incoming traffic unless requested by a device in the local network.
Got the Vilfo VPN router. They're roadmap shows a lot of transparency in my opinion. And it seems like they do update more regularly than any vendor I've seen.
As far as security, I haven't gotten hit once since installation in November 2022 thanks to their software based built-in VPN server(separate from whomever your VPN provider is as it supports multiple providers).
They do allow you to but do not recommend opening the remote WAN which was the case for my old ISP router that caused my Synology NAS to get hit with over 10,000 attempts via bots or hackers from 2014 to November 2022 which were recorded by its auto block feature.
Thanks very much Naomi, I'm not based in the US, so I take I can't really make use of the content of this video? But I'm going to read up on all the things mentioned. 👍🏼
PFSense here. Internal networks/servers/VM's on zero trust networking principles (including WLAN isolation).
Zero trust: Block all traffic, specific services (ports) only as needed. GeoIP blocking, and other mitigations at the network layer.
Separate vLAN's for storage, services/VM's, out of band management, and clients.
I'd say my network is pretty hardened. 😅
I don't have any money to spend on an add-on box. How can we adjust our EXISTING routers to be as secure as possible? Also, in California, our power often shuts off with no warning, so we need robust boxes that will not become corrupted when power cycled. Thanks.
Excellent information. Thank you.
12:43 Chuck is informative, but he's always so tense!
It would be great if device manufacturers or at least router manufacturers would just support OpenWRT or pfSense directly, and maybe just make a custom interface of one of those for their router.
Speaking of, can you compare pfSense, OpenWRT, and DD-WRT? My usual setup involves making sure to use an OpenWRT supported router, and since I'm already familiar with IP CHAINS in Linux, it makes sense to me (with that said, OpenWRT and DD-WRT do have pretty decent UIs that make it easy to do typical firewall changes without having to get into the weeds with IP CHAINS). I like being able to just install an updated and more powerful firmware directly on the router that's connected directly to the wider Internet, and I get wanting to be able to just unplug just the Wifi (which, to be clear, could still be done with OpenWRT and a wholly separate device dedicated to that purpose, of course), but maybe I'm missing something with just using OpenWRT instead of pfSense?
Excellent comment. DD-WRT and OpenWRT are excellent, and are definitely worth investigating. They work with many models of wireless routers, and are a great way to rejuvenate and repurpose old equipment that might otherwise be discarded.
@@cdl0 Tomato does/did? as well, i have it on an old linksys e3200 to convert it to wireless bridge.
@@dwelfusius Yes, Tomato still exists, and is a good option for routers using a Broadcom chipset.
This is incredible!! Absolutely well done! Will be learning more about all this technology
Great video, one that everyone should see to understand the basic home network protections. Looking forward to the rest of the series
Just bought a protectli vault so excited to use pfsense.
After $2/300 for a nice Moden Router, It's hard for the average household to jusstify another $300 for Protectli Vault to keep our network safe. What are ISPs doing extra for our safety? They're raking in all the $$. Thanks again
Two extra security measures I'd recommend for an AP is first disabling SSID broadcasting. The other is to setup a whitelist for MAC filtering.
Thanks so much for the insight it's a creepy internet now a days.👀😓
Now this is very very good information!! Thanks Naomi. You rock
Thanks for watching!
Thanks for another great video!
Just found your channel love your videos already they are educational and very informative thank you ❤
Welcome!
Thats cool video, i run very similar network config. Waiting for pfsense tips on next video, thanks.
I love these videos , exactly what I was looking for
Awesome video! Time to upgrade!
Great content Naomi (as always)!
Is there anyone out there who can cure Network Chuck from continually slurping his coffee?
😂